Multiple authentication sessions for content protection



The invention relates to a method for secure data communication between
consumer devices, the method comprising the following steps:

a) activating a data communication link between the devices,

b) transmitting data between the devices for performing an authentication
session for authenticating one of the consumer devices, thereby creating an authenticated
consumer device, wherein the authentication session generates a first key.

The invention further relates to a consumer device.

The invention is in the field of consumer devices. The term "consumer device"
is used to indicate various electrical, electronic and mechanical devices, which can be used in
the work place and in and around the home. Non-limiting examples of these devices are optical
disc players, TVs, VCRs, musical equipment, mobile telephones, domestic appliances (like
microwave ovens), alarm devices and garage doors.

A method as mentioned above is disclosed in "Specification of the Bluetooth
System", v1.0B, December 1st, 1999, Specification Volume 1 (Core), Part B, Baseband
Specification (more information on Bluetooth can be found on http://www.bluetooth.com).
In this Specification the Bluetooth link encryption is standardized. This link encryption is
based on a symmetric cryptographic algorithm. The cryptographic keys as used in this
algorithm are derived from a consumer device ID and an authentication process. An
authentication process is a process which is used by a consumer device to prove to another
consumer device that it is actually the device it claims to be. The authentication process as
performed in the Bluetooth link encryption is designed to provide user privacy when the user
communicates between two of his devices. This is achieved in the following way: the user
chooses which device(s) he trusts and brings 'in close contact' his user device and another
consumer device. These two devices must share a common cryptographic secret. It is the
user's responsibility that no eavesdropper can tap into the exchange of messages and modify
the message content. Another authentication session is performed in the Bluetooth link
encryption, when the user chooses a PIN code in order to ensure that no unauthorized person
can use his Bluetooth device(s). The PIN code is used here to authenticate the user.

However, if the system is used to exchange digital content for which the user
has to pay, the user may be tempted to try and break the security. By changing the PIN
number, a malicious user is able to retrieve all the link keys and the encryption key. This
means that the user is able to intercept and decrypt encrypted content or authenticate non-
compliant devices.

It is clear that when using the Bluetooth link encryption the user of the devices
chooses which device must be authenticated. This link encryption is therefore not suitable in
the situation in which the user is not trusted and can not be asked to play the role of trusted
authority. This is, for example, relevant in the case where it must be prohibited that the user
can attach to the device and copy or get access to content stored on this device illegally.

The invention has for its object to provide a method for secure data
communication between consumer devices, in which the user of the devices can not be
trusted.

In order to achieve this object, the method in accordance with the invention is
characterized in that the method further comprises the step of:

c) transmitting data between the devices for performing another authentication
session for authenticating another one of the consumer devices, thereby creating another
authenticated consumer device, wherein the authentication session generates a second key.

The invention is based on the recognition that the security requirements for
suitable content protection measures differ essentially from the security requirements for
suitable user privacy protection measures, as for example implemented in the Bluetooth link
encryption. Content protection is, for instance, used when data is digitally transferred from a
sending device to a receiving device to ensure that only an authorized receiving device is able
to process or render the content.

The (first) authentication session can be performed for authenticating a
consumer device, e.g. in order to enable user privacy, while the other (second) authentication
session can be performed for authenticating another consumer device, e.g. in order to enable
content protection. For example, when a user wants to download music from his PC to his
portable MP3-player, in the first authentication session, the PC authenticates itself to the
MP3-player as the particular PC which comprises SDMI compliant MP3 content. In the
second authentication session, the portable MP3-player authenticates itself to the PC as an
MP3-player which is allowed to receive the SDMI compliant MP3 content.

Within the Bluetooth consortium, interoperability is regarded as an essential
feature. The method according to the invention can be introduced while maintaining
functionality if older consumer devices are used. Moreover, it provides interoperability
between compliant and non-compliant consumer devices. Compliant consumer devices are
devices that can prove to each other that they know a secret that is only made available to
devices which have been certified to adhere to predefined content and/or copy protection
rules.

Another method according to the invention is characterized in that the method
further comprises the step of: d) generating a link key for encrypting and/or decrypting the
data communicated over the data communication link by merging the first key with the second
key using a key merge function. Adding this step to the method has the advantage that the
information to be transmitted between the consumer devices is better protected against
eavesdroppers.

Another method according to the invention is characterized in that the
authentication sessions are performed independent of each other. Another method according
to the invention is characterized in that step b) further comprises transmitting additional data
between the devices for deciding whether or not to proceed with step c). Depending on the status
of the different consumer devices that are used in the method, one or two authentication sessions
must be performed. It is therefore advantageous to transmit additional data between the
devices for deciding whether or not to proceed with the second authentication session, and also to
perform both authentication sessions independent of each other, in order to be able to perform
only one session.

Another method according to the invention is characterized in that the key
merge function is a bit-wise XOR-function.

Another method according to the invention is characterized in that the key
merge function comprises encrypting the first key with the second key or vice versa. This
results in a more robust system for authentication against a malicious user.

The invention also relates to a consumer device for performing the method
according to the invention, the consumer device comprising means for activating a data
communication link, means for transmitting data, authentication means for performing an
authentication session and further authentication means for performing another authentication
session.

Another consumer device according to the invention is characterized in that the
consumer device further comprises an Application Programmers Interface (API) for informing
the consumer device about the protection status of another consumer device.

Another consumer device according to the invention is characterized in that the
consumer device further comprises receiving means for receiving information, decrypting
means for decrypting the information using the link key and recording means for recording the
information.



These and other aspects of the invention will be further described in the figure
description, in which

Figure 1 shows a schematic overview of the method for secure data
communication according to the invention,

Figure 2 shows a first practical implementation of the method according to the
invention, comprising a music installation and a portable CD player,

Figure 3 shows a second practical implementation of the method according to the
invention, comprising a car and a garage door.



In Figure 1 a schematic overview of the method for secure data communication
according to the invention is shown. After activating a data communication link between
consumer devices 1 and 2 (not shown), two independent authentication sessions 3 and 4, each
comprising key generation, are performed between the consumer devices 1 and 2. The first
authentication session 3 serves the purpose of protecting the user's privacy, and is identical to
the key set-up already used in Bluetooth.

This Bluetooth technology provides peer-to-peer communication over a
relatively short distance of approximately ten meters. The system provides security measures
both at the application layer and at the link layer. The link layer security measures are
described in Chapter 14 of the Baseband Specification as mentioned before. This chapter
describes the way in which authentication takes place between Bluetooth devices and the
generation of keys that can be used for encryption/decryption purposes. Four different entities
are used for maintaining security at the link layer: a public address which is unique for each
user (the 48-bit IEEE Bluetooth device address, BD_ADDR), a private user key for
authentication, a private user key for encryption and a random number (RAND) of 128 bits.
The encryption key can be used for content protection. The random number is different for
each new transaction. The private keys are derived during initialization and are further never
disclosed. Normally, the encryption key is derived from the authentication key during the
authentication process. For the authentication algorithm, the size of the key used is always 128
bits. For the encryption algorithm, the key size may vary between 1 and 16 octets (8-128
bits). The size of the encryption key is configurable, among others to meet the many different
requirements imposed on cryptographic algorithms in different countries, both with respect
to export regulations and authority attitudes towards privacy in general. The encryption key is
entirely different from the authentication key (even though the latter is used when creating the
former). Each time encryption is activated a new encryption key shall be generated. Thus, the
lifetime of the encryption key does not necessarily correspond to the lifetime of the
authentication key. It is anticipated that the authentication key will be more static in its nature
than the encryption key; once established, the particular application running on the Bluetooth
device decides when, or if, to change it. To underline the fundamental importance of the
authentication key to a specific Bluetooth link, it will often be referred to as link key. The
RAND is a random number that can be derived from a random or pseudo-random process in
the Bluetooth unit. This is not a static parameter, it will change frequently. It is in the interest
of a user to ensure that no unauthorized person can use his Bluetooth device(s). For this
reason, the user may choose a PIN code. As such, a user may be expected to use the Bluetooth
system as intended for purposes which, for instance, involve privacy.



For reasons of national security or exportability, this first session is
upper-bounded to a limited number of key bits, in the cryptographic sense, that are generated. The
second authentication session 4 serves the purpose of content protection, by identifying the
consumer device as being compliant and determining its functionality (e.g. rendering device,
recorder). The result of the first authentication session 3, the key 5, is merged with the result
of the second authentication session 4, the key 6, in the key merge 9. This merging is
performed using a key merge function, e.g. an XOR-function. Instead of an XOR-function,
also other key merge solutions can be chosen, like encrypting the first key 5 with the second
key 6 (in which one of the keys is the PIN code which must be provided by the user; this
results in a more robust system for authentication against malicious users, in which devices
can prove to each other that they are certified as being compliant, and an additional level of
robustness, tunable via the choice of the key merging function, to the privacy protection). The
result of this key merge is a link key which is communicated over communication line 10.
This link key is used in module 12 for encrypting and/or decrypting the information stored in
consumer device 2, supplied over communication line 11. The encrypted or decrypted
information is communicated over communication line 13. This information can be supplied
to the authenticated consumer device 1. The link key is used in both consumer devices, for
encrypting the content before transmission in one device, and for decrypting the content after
receipt in the other device.
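The key merge 9 described above, as an added example (not code from the patent or from the Bluetooth specification): an XOR merge and an encrypt-style merge, a step d) that feeds the all-zero word as key 6 when the peer did not pass the second session, and a probe of the merge-function properties listed later in the claims. The 128-bit key length, the function names and the SHA-256-based stand-in for the unspecified cipher are assumptions of this example.

```python
import hashlib
import secrets
from typing import Callable, Dict, Optional

KEY_LEN = 16  # assumption: 128-bit keys 5 and 6, like the Bluetooth authentication key
MergeFn = Callable[[bytes, bytes], bytes]


def merge_xor(first_key: bytes, second_key: bytes) -> bytes:
    """Bit-wise XOR merge: link key 9 keeps the length of key 5."""
    if len(first_key) != len(second_key):
        raise ValueError("XOR merge needs keys of equal length")
    return bytes(a ^ b for a, b in zip(first_key, second_key))


def merge_encrypt(first_key: bytes, second_key: bytes) -> bytes:
    """Merge by encrypting key 5 under key 6.

    The page names no cipher; as a self-contained stand-in (assumption) the
    keystream is SHA-256 of the second key. A device would use its own cipher.
    """
    stream = hashlib.sha256(b"key-merge|" + second_key).digest()[:len(first_key)]
    return bytes(a ^ s for a, s in zip(first_key, stream))


def derive_link_key(first_key: bytes, second_key: Optional[bytes],
                    merge: MergeFn = merge_xor) -> bytes:
    """Step d): merge key 5 and key 6 into link key 9.

    A peer that skipped or failed session 4 contributes the all-zero word, so
    with XOR the link key degrades to the plain Bluetooth key and an older,
    non-compliant device still interoperates.
    """
    if second_key is None:
        second_key = bytes(len(first_key))
    return merge(first_key, second_key)


def check_merge_properties(merge: MergeFn, trials: int = 64) -> Dict[str, bool]:
    """Probe the merge-function properties listed in the claims on random keys.

    The two 'uncertainty' properties are approximated by requiring that distinct
    values of one key give distinct link keys while the other key is held fixed.
    """
    k1, k2, zero = secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN), bytes(KEY_LEN)
    firsts = [secrets.token_bytes(KEY_LEN) for _ in range(trials)]
    seconds = [secrets.token_bytes(KEY_LEN) for _ in range(trials)]
    return {
        "uniquely_specified": merge(k1, k2) == merge(k1, k2),
        "constant_length": len({len(merge(a, b)) for a, b in zip(firsts, seconds)}) == 1,
        "zero_second_gives_first": merge(k1, zero) == k1,
        "tracks_second_key": len({merge(k1, b) for b in seconds}) == trials,
        "tracks_first_key": len({merge(a, k2) for a in firsts}) == trials,
    }
```

Only the XOR merge has the "all-zero second key gives the first key" property; the encrypt-style merge drops it, which is the trade-off the page describes between interoperability with non-compliant devices and robustness against a malicious user.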

The method as shown here by way of example has the following properties:

- It allows the user to select trusted devices which he wants to be able to
communicate with, for example for providing privacy protection. In this phase the user is
trusted and he is in control of the outcome of authentication and key generation. With
reference to Figure 1, the user can, for example, select consumer device 1 as the trusted
device.

- It includes a mechanism for authentication in which devices can prove to each
other that they are certified as being compliant. This phase must be fully robust against
malicious users. With reference to Figure 1, the user can, after selecting consumer device 1 as
the trusted device, "ask" consumer device 2 to authenticate itself as being compliant.

- It allows key escrow of private communications in countries where this is a
legal requirement. In those countries, the master secrets are made available to a national
security agency in order to enable it to derive the key 6, as created by performing the second
authentication session. A key escrow system is an encryption system with a backup decryption
capability that enables authorized authorities (e.g. a national security agency) to recover strong
encryption keys where this is a legal requirement.

- It enables interoperability between compliant and non-compliant consumer
devices to the fullest extent possible, within the limitations of the rights of the user. This will
be explained below in detail.

- It allows key revocation. It is left to the particular application to decide on
whether or not to release content at high quality. This decision may depend on whether the first
authenticated consumer device has itself proven to be compliant. Also a revocation mechanism can be
checked before content is released.

In another embodiment of the consumer system for the method according to the
invention, the communication system further comprises an Application Programmers Interface
(API) for informing a consumer device of the system about the protection status of another
consumer device of the system. This API allows an application as used in a consumer device
to find out what effective key length is used on the authentication session link and whether the
other consumer device is compliant, and what type of functionality that consumer device has.
The API does not allow the application to control or influence the key generation algorithm.

When performing the method according to the invention the following different
situations can occur. They will be elaborated with reference to the method as explained with
reference to Figure 1. In bold the different consumer devices as present in the particular
situation are indicated.

- Compliant content source and non-compliant playing device:

In this situation, the second authentication session 4 results in the all-zero word. By this result,
the "trusted" device knows that the other consumer device is non-compliant. Protected content
can be exchanged at a quality level accepted by the rights owners (e.g. CD quality or below,
stereo only, etc.).

- Compliant content source and non-compliant recorder device:

In this situation, no restrictions on recording "Copy Free" content are imposed on the non-
compliant recorder device. It can be chosen that "Copy Once" content is only delivered to this
consumer device at a limited quality and that "Copy Never" content will not be delivered.

- Non-compliant content source and compliant receiving device:

In this situation, no restrictions on the use of the content are imposed by the source. In the
receiving device, the content must be handled as if it came from an analog or unprotected
digital input.

- Compliant content source with SDMI content and compliant receiving device:

According to the recent SDMI Specification, SDMI content is allowed to be sent over links
that are protected. As the Bluetooth specification defines a secure link encryption system,
Bluetooth can be used to send SDMI content. High quality content can be used if the
consumer devices used are compliant; limited quality content can be used if at least one of
the consumer devices is non-compliant.
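The four situations above as a release decision taken by a content source after both authentication sessions, added here as an example (not code from the patent): the peer's status record mirrors what the API described above reports, namely whether the other device is compliant, its functionality and the effective key length. The quality labels, the revoked flag and the minimum-key-length policy applied to SDMI content are this example's assumptions.

```python
from dataclasses import dataclass

FULL, LIMITED, REFUSED = "full quality", "limited quality", "refused"
COPY_RULES = ("Copy Free", "Copy Once", "Copy Never")


@dataclass(frozen=True)
class PeerStatus:
    """What the API reports about the other consumer device after session 4."""
    compliant: bool          # session 4 produced a non-zero key 6
    functionality: str       # "player" or "recorder"
    effective_key_bits: int  # encryption key size in use on the link (8..128)
    revoked: bool = False    # assumption: outcome of the revocation check mentioned above


def release_decision(source_compliant: bool, peer: PeerStatus, copy_rule: str,
                     sdmi_content: bool = False, min_key_bits: int = 128) -> str:
    """Quality at which a content source releases content to the peer.

    min_key_bits is an application policy (assumption): the page only says the
    API exposes the effective key length and leaves the decision to the application.
    """
    if copy_rule not in COPY_RULES:
        raise ValueError(f"unknown copy rule: {copy_rule}")
    if not source_compliant:
        # Non-compliant source: it imposes no restrictions; a compliant receiver
        # treats the content as coming from an analog or unprotected digital input.
        return FULL
    peer_trusted = peer.compliant and not peer.revoked
    if not peer_trusted:
        if peer.functionality == "recorder":
            # Non-compliant recorder: Copy Free unrestricted, Copy Once only at
            # limited quality, Copy Never not delivered at all.
            return {"Copy Free": FULL, "Copy Once": LIMITED, "Copy Never": REFUSED}[copy_rule]
        # Non-compliant player: a quality level accepted by the rights owners.
        return LIMITED
    if sdmi_content and peer.effective_key_bits < min_key_bits:
        # Both devices compliant but the negotiated key is short: the application
        # policy assumed here falls back to limited quality for SDMI content.
        return LIMITED
    return FULL
```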

In Figure 2 a first practical implementation of the method according to the
invention is shown. In this example the method is used in a communication system
comprising a music installation 14 and a portable CD-player 15, and the user of the portable
CD-player wishes to download some content stored in the music installation. After activating
a data communication link between the devices, for example by using Bluetooth link
encryption, a first authentication session 16 is performed between these two consumer
devices. In this authentication session the music installation proves to the user of the portable
CD player that it is the consumer device the user wishes to download music from. Next, a
second authentication session 17 is performed between these two consumer devices. In this
authentication session the portable CD player proves to the music installation that the portable
CD player is allowed to download the content, i.e. it must prove it is compliant. If both
authentication sessions are successful, the key-merge block used for decrypting the encrypted
content from the music installation is generated and the music can be downloaded to the
portable CD player.

In Figure 3 a second practical implementation of the method according to the
invention is shown. In this example the method is used in a garage door opening system. The
elements of this system are a transmitter/receiver 27, installed in a car 18, and
transmitter/receivers 21 and 22, installed in garage doors 19 and 20 respectively. In the
event that the driver of the car 18 approaches his own garage door, in this case garage door 20,
he first must prove that he drives the car belonging to this garage door 22, and not for example
to the garage door of his neighbor, garage door 19. To this end, he performs a first
authentication session 23 (with reference number 25, this same authentication session is
depicted, in order to indicate that the information signals outputted by the transmitter/receiver
27 are also detected by the transmitter/receiver 21 of the garage door 19). Next, a second
authentication session 24 is performed. In this authentication session the garage door proves to
the car that it is the correct garage door. If this authentication is not performed, garage
door 19 might also be opened, by performing the authentication session as indicated with reference
number 26. If both authentication sessions are successful, the garage door 20 is opened.

Whilst the invention has been described with reference to preferred embodiments
thereof, it is to be understood that these are not limitative examples. Thus, various modifications
may become apparent to those skilled in the art, without departing from the scope of the
invention, as defined by the claims.

It must be noted that, although the embodiments are directed to use in the
Bluetooth specification, the invention is not limited to the Bluetooth link encryption.

Further, the invention lies in each and every novel feature or combination of
features.
CLAIMS:

1. Method for secure data communication between consumer devices, the method
comprising the following steps:

a) activating a data communication link between the devices,

b) transmitting data between the devices for performing an authentication
session for authenticating one (3) of the consumer devices, thereby creating an authenticated
consumer device, wherein the authentication session generates a first key (5), characterized in
that the method further comprises the step of:

c) transmitting data between the devices for performing another authentication
session for authenticating another one (4) of the consumer devices, thereby creating another
authenticated consumer device (2), wherein the authentication session generates a second key
(6).

2. The method as claimed in claim 1, characterized in that the method further
comprises the step of:

d) generating a link key (9) for encrypting and/or decrypting the data
communicated over the data communication link by merging the first key (5) with the second
key (6) using a key merge function.

3. The method as claimed in claim 1 or 2, characterized in that the authentication
sessions are performed independent of each other.

4. The method as claimed in claim 1, characterized in that step b) further
comprises transmitting additional data between the devices for deciding whether or not to
proceed with step c).

5. The method as claimed in claim 1, characterized in that the first authentication
session is an authentication session as described in the Bluetooth link encryption specification.

6. The method as claimed in claim 2, characterized in that the key merge function
has one or more of the following properties:

- for any two given first and second keys as input in the key merge function, the
link key output of the key merge function is uniquely specified;

- the number of link key output bits is constant;

- if the second key is undefined or all zero, the link key output bits are identical
to the bits of the first key;

- for any first key, the uncertainty in the output is approximately equal to the
uncertainty of the second key;

- for any second key, the uncertainty in the output is approximately equal to the
uncertainty of the first key.

7. The method as claimed in claim 6, characterized in that the key merge function
is a bit-wise XOR-function.

8. The method as claimed in claim 2, characterized in that the key merge function
comprises encrypting the first key with the second key or vice versa.

9. Consumer device for performing the method according to one of the claims 1 to 8,
the consumer device comprising means for activating a data communication link, means for
transmitting data, authentication means for performing an authentication session and further
authentication means for performing another authentication session.

10. The consumer device as claimed in claim 9, characterized in that the consumer
device further comprises an Application Programmers Interface (API) for informing the
consumer device about the protection status of another consumer device.

11. The consumer device as claimed in claim 9 or 10, characterized in that the
consumer device further comprises receiving means for receiving information, decrypting
means for decrypting the information using the link key (9) and recording means for recording
the information.

12. The consumer device as claimed in claim 9, wherein the consumer device is a
portable device, e.g. a headphone or a walkman.

13. The consumer device as claimed in claim 9, wherein the consumer device
comprises means for performing short-range wireless data communication.
The invention is in the field of consumer devices. The term "consumer device" is
used to indicate various electrical, electronic and mechanical devices, which can be used in
the work place and in and around the home.

The invention relates to a method for secure data communication between
consumer devices. Methods in which the user of the devices chooses which device he trusts
and which device must be authenticated are known. These methods are not suitable in the
situation in which the user can not be trusted. The method according to the invention therefore
comprises the following steps: a) activating a data communication link between the devices, b)
transmitting data between the devices for performing an authentication session for
authenticating one (3) of the consumer devices, thereby creating an authenticated consumer
device (1), wherein the authentication session generates a first key (5), and c) transmitting data
between the devices for performing another authentication session for authenticating another
one (4) of the consumer devices, thereby creating another authenticated consumer device (2),
wherein the authentication session generates a second key (6).

The invention further relates to a consumer device.
Fig. 1



